Yes, they will initially connect to the old epo server's key.  If you want them to use the new epo master key, then make sure that the new epo server's keys are set to master, then in the update task, enable the agent key updater package to be update.  This allows clients to switch to the new key.  If you don't have that checked in, then check in both the latest agentkeyupdater package as well as the msgbus cert updater one into current branch.

-Looks like both the agentkeyupdater package and the msgbus cert updater are checked in. 

-When i click on System Tree -> Assigned Client Task -> Product Update i can see DailyDAT/AMCore Update MM task is assigned to the root (My Organization). Are you talking about this option ? Inside that i can see a checkbox for "ePO Agent Key Updater 5.6.2" under Package Types -> Patche and service packs. If i check that box, it will only update the Key which are not using Master right ? Also it will not mess up anything with the existing systems right ?

It will not affect any existing systems, it is only a mechanism for updating the agent keys to a new one.

What if i leave those devices on the old server key ? What's gonna happen if i decommission the old server ? The old key will still right since it's been migrated to the new EPO ?

That will be fine - as long as you keep the key in the new ePO server the clients will continue to use it.

I was able to transfer one test device successfully to the new EPO but looks like when i tried to do the "Agent Wake Up Call" it's just getting failed. Any thoughts ?

Is the client you are trying to wake up connected via vpn?  If so, wakeups won't work - see KB58818.  Otherwise see if there is any firewall in between, whether epo can resolve the dns of client, can you telnet to port 8081 to that client, etc.  You have to verify reachability.

-The client is not on VPN

-I can ping the device from EPO

-I was able to telnet to 8081

Still the task is failing.

Then we would need an SR to view logs and would also require a wireshark capture.  We would need agent system mer (mer.mcafee.com) as well as one from the epo server or agent handler that the client is talking to.  From the log entries, it appears there is a proxy or firewall either blocking or doing ssl inspection.